That information included names, IP addresses, e-mails, download histories, encrypted passwords, and even the security questions and answers needed to retrieve or change those passwords. Not only was that data exposed, but the names, birthdates and genders of children were breached, too.

Sound familiar?

It should. That same kind of information has been stolen from companies’ HR files.

What's Next?

In addition to credit monitoring, experts say parents may likely receive the same advice received by millions of past and present federal employees whose personal data was stolen in the U.S. Office of Personnel Management (OPM) cyberattack earlier this year and during the Sony hack. That advice includes being vigilant about protecting data and reviewing security protocols. During the
AshleyMadison.com breach, experts suggested HR make employees participate in data security awareness training.

Cost of Breaches

For many companies, data breaches are costly affairs. According to a study commissioned by IBM and conducted by data security researchers the Ponemon Institute, the total average cost of a data breach in 2015 is now $3.8 million.

Reutersreported Dec. 2 that “Target Corp. agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer's late 2013 data breach.” In that case, 110 million people had their phone numbers and e-mail addresses stolen after 40 million credit cards were compromised.

As Jim Farrell, senior vice president of products at New Jersey-based Archive Systems, told HR professionals at a technology conference earlier this fall, HRIT professionals must be proactive when it comes to protecting their data, and that includes having a plan to prevent such breaches before they happen.

Get rid of sensitive information and dispose of unnecessary information such as paper documents that need to be shredded or having IT properly wipe devices of information.

Provide cybersecurity awareness training.

Encrypt sensitive data at rest and in transit.

“There is a movement in our industry to say, ‘This stuff is going to happen,’ ” Farrell said. Some people say, “Don’t try to worry about prevention; worry about how you’re going to respond” to a breach. But, he said, he advises against using only that approach. “It’s
important to focus on prevention.”